Authentication
How to authenticate with Drapier API using JWT tokens or API keys.
Authentication
Drapier API supports two authentication methods:
Bearer JWT Token
Used for publisher dashboard operations (viewing earnings, generating links, managing settings).
How to get a token
Option 1: Email + password
curl -X POST /api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"email": "you@example.com", "password": "your-password"}'Option 2: Magic link
curl -X POST /api/v1/auth/magic-link \
-H "Content-Type: application/json" \
-d '{"email": "you@example.com"}'Check your email for the sign-in link. After clicking it, exchange the token:
curl -X POST /api/v1/auth/verify \
-H "Content-Type: application/json" \
-d '{"token": "TOKEN_FROM_EMAIL_LINK"}'Using the token
Include it in the Authorization header:
curl -H "Authorization: Bearer YOUR_JWT_TOKEN" \
/api/v1/publishers/me/dashboardTokens expire after 24 hours.
API Key
Used for machine-to-machine access: product feed downloads, deep link generation, and programmatic API access.
How to get an API key
After logging in with JWT, generate a key:
curl -X POST /api/v1/publishers/me/api-key \
-H "Authorization: Bearer YOUR_JWT"The response contains your full API key (prefix in_). Save it immediately — it is hashed and cannot be retrieved later.
Using the API key
Include it in the Authorization header as a Bearer token:
curl -H "Authorization: Bearer in_YOUR_API_KEY" \
/api/v1/feeds/YOUR_PUBLISHER_ID/products.xmlAPI keys do not expire but can be regenerated (which invalidates the old key).
Endpoints by auth type
| Auth | Endpoints |
|---|---|
| None | POST /publishers/apply, POST /contact, GET /health |
| JWT | /publishers/me/*, /commissions/me, /feeds/me, /invoices, /users/me/*, /organizations/* |
| API Key | /feeds/:id/products.:format, /publishers/deep-link |